Microsoft Senior Security Researcher 

Taiwan, Taoyuan City 

302820713

A BS in Computer Science or Engineering or comparable experience in a related discipline,along with demonstrated expertise in the following areas:

• Proven knowledge of security fundamentals across Microsoft platforms (Client, Server, Cloud)
• Strong understanding of malware and the modern threat landscape, especially identity-based attacks
• Detail oriented and reliable problem solver mentality
• Excellent oral and written communication skills including concisely communicating status; concisely, clearly, and comprehensively documenting findings
• Robust critical thinking skills and willingness to learn new concepts and technologies
• A desire to learn and grow, as well as a desire to help others do so
• Familiarity and understanding of SQL or Kusto Query Language (KQL) queries (or experience with large database/SIEM query languages such as Splunk/Humio/Kibana, etc.)
• Familiarity and understanding of Jupyter Notebooks, or building equivalent threat hunting automations with scripting languages
• Experience with some of the following is a distinct advantage:
• Consulting background
• Active Directory subject matter expertise
• Experience with sophisticated threat actor evidence including familiarity with typical Indicators of Compromise (IOCs), Indicators of Activity (IOAs) and Tools, Techniques and Procedures (TTPs)
• Use of forensic analysis tools such as X-Ways Forensics®, WinHex®, Encase®, FTK®, etc
• Microsoft Azure and/or Office365 platform knowledge and experience
• Experience with various forensic log artifacts found in SIEM logs, web server logs, AV logs, protection logs such as HIDS and NIDS logs
• Familiarity with Microsoft Defender 365 security stack (for Endpoints, Identity, Cloud, etc), especially with Advanced Hunting query writing
• Excellent understanding of Windows internals and where trace evidence can be found
• Knowledge of third-party cybersecurity solutions, especially EDR and SIEM solutions
• Linux and/or macOS forensic analysis and threat hunting skills
• Technical certifications based on domain (e.g., Azure, SharePoint)
• Project Management certifications (e.g., PMP, Scrum)
• Investigation/Cybersecurity/Digital Forensics/DFIR certifications (e.g. CISSP, SANS GIAC, etc)

The successful candidate must have or be able to obtain the Security Check (SC) or Developed Vetting (DV) clearance as issued by the United Kingdom Security Vetting Unit (UKSV). Ability to meet Microsoft, customer and/or government security screening requirements are required for this role.

This role is part of a collaborative team, assisting our customers with:

• Performing deep analysis of attacker activity in on-premises and cloud environments
• Identifying potential threats, allowing for proactive defence before an actual incident
• Notifying customers regarding imminent attacker activity
• Providing recommendations to improve customers’ cybersecurity posture going forward and performing threat intelligence knowledge transfer to prepare customers to defend against today’s threat landscape
• Building proof-of-concept and prototype threat hunting tools, automations, and new capabilities
• Driving product and tooling improvements by conveying learnings from threat hunting and incident response at scale to engineering partner teams
• Identifies, prioritizes, and targets complex security issues that cause negative impact to customers. Creates and drives adoption of relevant mitigations and provide proactive guidance
• Works with others to synthesize research findings into recommendations for mitigation of security issues. Shares across teams. Drives change within team based on research findings.